4.2 Explain the security implications of proper hardware, software, and data asset management Flashcards
Acquisition and Procurement
Acquisition
Process of obtaining goods and services
Acquisition and Procurement
Procurement
Entire process of sourcing and obtaining those goods and services, including all the processess that lead up to the acquisition
Data Classification
Based on the value to the organization and the sensitivity of the information, determined by the data owner
Public
No impact if released, often publicly accessible
Sensitive
Minimal impact if released
Private
Contains internal personnel or salary information
Critical
Extremely valuable and restricted information
Data owner
A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls. Should be someone who understands the data content and can classify appropriately
Data Controller
Entity responsible for determining data storage,collection,and ensuring the legality of these processes
Data Processor
A group or individual hired by the data controller to assist with tasks like data collection and processing
Data Steward
Focuses on meta data and data quality ensuring data is appropriately labeled and classified. Often working under the data owner
Data Custodian
Responsible for managing the systems on which data assets are stored including enforcing access controls , encryption, and backup measures
Privacy Officer
Oversees privacy related data such as PII and PHI and ensuring compliance with legal and regulatory frameworks.
Allocation or assignment of ownership
each asset assigned to a person or group known as owners
Asset Monitoring
Maintaining an inventory with specifications, locations, and assigned users